3 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2021-43818
CVE-2021-43818 affects python-lxml’s HTML Cleaner (lxml.html). Before 4.6.5, the HTML cleaner lets crafted script content pass through, including scripts in SVG data URLs, enabling potential XSS in security-relevant contexts. A fix is available in lxml 4.6.5; upgrade to receive the patch. The con...
CVE-2022-36946
The CVE-2022-36946 issue affects nfqnl_mangle in net/netfilter/nfnetlink_queue.c of the Linux kernel (through 5.18.14). When nf_queue verdicts include a one-byte nfta_payload attribute, skb_pull can encounter a negative skb->len, enabling a remote attacker to trigger a denial of service (panic...